Elevated Privilege Vulnerability in Sysinternals PsTools Products
CVE-2004-2730

Currently unrated

Key Information:

Vendor: Microsoft
Status: Psshutdown; Psservice; Psgetsid; Pspasswd
Vendor: CVE Published:; 31 December 2004

Summary

The Sysinternals PsTools suite prior to version 2.05 contains a flaw where the tools do not properly disconnect from remote IPC$ and ADMIN$ shares. This lack of disconnection permits local users who exploit existing share mappings to gain elevated access to these shares, which could compromise sensitive information or lead to unauthorized actions on the affected systems.

References

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=...

x_refsource_MISC

http://www.securityfocus.com/bid/10759

vdb-entryx_refsource_BID

http://secunia.com/advisories/12108

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 8, 2007
Vulnerability published
Dec 31, 2004